Authentication. Provides
a means for one party to verify another’s identity. For example, a client
gives a password to Directory Server during an LDAP bind operation. As
part of the authentication process, password policies define
the criteria that a password must satisfy to be considered valid, for example,
age, length, and syntax. Account inactivation disables
a user account, group of accounts, or an entire domain so that all authentication
attempts are automatically rejected.

Encryption. Protects the
privacy of information. When data is encrypted, the data is scrambled in a
way that only the recipient can decode. The Secure Sockets Layer (SSL)
maintains data integrity by encrypting information in transit. If encryption
and message digests are applied to the information being sent, the recipient
can determine that the information was not tampered with during transit. Attribute encryption maintains data integrity by encrypting stored
information.

Access control. Tailors
the access rights that are granted to different directory users, and provides
a means of specifying required credentials or bind attributes.

Auditing. Enables you to
determine if the security of your directory has been compromised. For example,
you can audit the log files maintained by your directory.

These security tools can be used in combination in your security design.
You can also use other features of the directory, such as replication and
data distribution, to support your security design.